Google: We've slashed account hijackings by 99.7 percent


Google has had some success in its war against account hijackers, reducing the number of compromised accounts by 99.7 percent compared to the peak of these hijacking attempts recorded in 2011.

This huge improvement is the result of complex risk analysis conducted each time a user signs in, writes Google (NASDAQ: GOOG) Security Engineer Mike Hearn in a new blog post. The system draws on more than 120 variables to determine whether a particular login is suspicious or risky; a login judged risky is subjected to further questioning.

"We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," writes Hearn, highlighting the dangers of relying on a static password. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."

While any reduction in the number of account hijackings is good, it is of scant consolation to those who have the ill fortune of having their accounts broken into. Also, without knowing the total number of accounts hijacked in the past, it is difficult to gauge whether many accounts are still being hijacked despite the enhanced measures.

Ultimately, one method that is guaranteed to significantly improve the security of any account is two-factor authentication. On that front, Google came out with its two-step authentication for all users exactly two years ago, which you may want to enable if you haven't already done so.

For more:
- check out this blog at the Google Official Blog
- check out this article at The Register
